Balancer was attacked and $129 million was stolen! Berachain validators have urgently shut down and plan to implement a Hard Fork.

The Decentralized Finance (DeFi) protocol Balancer suffered a major smart contract vulnerability attack on November 3, resulting in losses of over $129 million in crypto assets for investors across multiple chains, including Ethereum, Base, and Berachain. The attacker is in the process of exchanging the stolen liquid staking tokens (LST) for WETH in real-time. Berachain validators have urgently paused the network and are preparing for a hard fork in hopes of recovering the affected funds.

Balancer V2 Vulnerability Exploited: Large-Scale Theft of Multi-Chain Assets

The Balancer protocol confirmed that the V2 pool was affected by a vulnerability, and the security team is urgently investigating. Hackers exploited a specific flaw in the smart contracts, leading to the rapid emptying of assets across multiple chains.

• Loss scale and asset types: PackShieldAlert reports that the value of stolen assets has reached up to 129 million USD, primarily concentrated in the Ethereum network, including mainstream LSTs such as WETH, osETH, wstETH, sfrxETH, and rsETH.
• Affected networks are widespread: Spot On Chain data shows that multiple networks including Ethereum, Base, Optimism, Sonic, Polygon, and Berachain have been affected. After the attack, a dormant whale address was activated and withdrew $7.38 million in assets from Balancer.
• Attack Mechanism Analysis: Preliminary on-chain forensic analysis indicates that the attacker targeted Balancer Pool Tokens (BPT), which represent users' shares in the liquidity pool. The vulnerability stems from the price calculation logic during batch exchanges in Balancer, where the attacker manipulated this logic to distort internal prices, allowing them to extract tokens before the system self-corrected.

Berachain Takes Extreme Measures: Network-wide Shutdown and Hard Fork Deployment

The Berachain network is facing serious risks due to a vulnerability in Balancer V2, and the validators team has taken aggressive measures to contain the spread of losses.

• Network Suspension: Bera Foundation confirms that the validators have intentionally halted block production on the Berachain network to prevent further exploitation of vulnerabilities.
• Hard Fork Plan: The core team plans to address the vulnerabilities related to Balancer V2 through an emergency hard fork after recovering all affected funds.
• Ecological quick response: The Ethena team was contacted to disable the cross-chain bridging, the lending market and the deposit function of USDe on Berachain have been suspended, the minting and redemption of HONEY have also been suspended, and they are contacting mainstream CEX to blacklist the stolen addresses.

BAL Token Price Plummets Amidst Resurgence of DeFi Trust Crisis

This hacking attack not only caused significant financial losses but also triggered profound doubts about the effectiveness of security audits within the DeFi space, leading to a sharp decline in Balancer's Total Value Locked (TVL).

• Token price reaction: The price of BAL token plummeted by over 10% within a few hours, and the BERA token also fell by 7%. Due to the chain reaction of large-scale sell-offs, the prices of other LST tokens such as LDO, JTO, and RPL generally declined, and the price of Ethereum also dropped by over 4%.
• Trust Breakdown: Balancer was once regarded as one of the most reliable protocols in DeFi, with years of stable operation and multiple security audits. This incident is seen as a “trust collapse” because it indicates that even well-audited systems cannot withstand unknown vulnerabilities in complex systems.
• Security and Composability Paradox: This event highlights the double-edged sword of composability in DeFi—it can foster innovation while significantly amplifying systemic risk; the collapse of a core protocol can immediately impact all other protocols that depend on it.

Conclusion

The loss of 129 million USD by Balancer serves as a severe reminder of the risks present in the DeFi space: smart contract risks are everywhere, and security audits do not guarantee absolute safety. Berachain's decisive shutdown and Hard Fork are key steps in crisis management, but rebuilding trust will be the most daunting challenge that Balancer faces.